Re: question about ipchains on dual interface machine

To: Josh Rollyson <dinodrac@magenet.net>, debian-firewall@lists.debian.org
Subject: Re: question about ipchains on dual interface machine
From: Mike Dresser <mdresser@windsormachine.com>
Date: Wed, 10 Oct 2001 14:24:37 -0400
Message-id: <3BC49265.74974362@windsormachine.com>
References: <3BC46B40.3CBC66B@windsormachine.com> <20011010140020.J13795@summit.magenet.net>

Josh Rollyson wrote:

> This hypothetical exploit shouldn't be allowed to exist in the first place.
> If you have a service on port 23 vunerable to scriptkiddie.c that service
> needs to be immeadiatly replaced with one not vunerable. A firewall is
> a last line of defense, you should never rely entirely on any one security
> solution.

Agreed completely.. But when you have services you want used internally, but not
externally, that becomes the problem. I should have said that instead of the
exploit situation.

Mike

Reply to:

References:
- question about ipchains on dual interface machine
  - From: Mike Dresser <mdresser@windsormachine.com>
- Re: question about ipchains on dual interface machine
  - From: Josh Rollyson <dinodrac@magenet.net>

Prev by Date: Re: question about ipchains on dual interface machine
Next by Date: Re: question about ipchains on dual interface machine
Previous by thread: Re: question about ipchains on dual interface machine
Next by thread: Re: question about ipchains on dual interface machine
Index(es):
- Date
- Thread